taichimasta Posted September 17, 2008 Share Posted September 17, 2008 hey this is my first post and few times here on phpfreaks, I'm not a PRO as most of you but i have been studying php a few yrs total(2 almost 3) (reading books , self taught). and I'm in need of assistance/help. my script is a WIP but i just need to figure out why isn't it reading the rows in my database , i need a 3rd party to see what I'm doing wrong. ( its usually something i missed , something small so if you could help me out it would be great) <?php // there is connection code and everything but its not here for obvious reason(s) /***************CONNECTION INFO***********************/ $connection = mysql_connect($host,$dbadmin,$dbpass) or die("Connection failed"); /**************SELECT THE DATABASE*********************/ $sel = mysql_select_db($database,$connection) or die(mysql_error()); /* or die("Confused Selection"); */ /**************SENDING QUERY TO DATQBASE***************/ $sql = "SELECT * FROM $table_1 WHERE user_name='$userme' AND user_pass='$passme'"; $res = mysql_query($sql) or die("lost Package"); $count = mysql_num_rows($res); /********************CHECKING DATABASE FOR USERNAME AND PASSWORD *******/ /***********IF USER EXIST CONTINUE IF NOT DESTORY AND GIVE A NICE MESSAGE SAYING PERSON(S) FAILED***/ if($count==1) { echo "<center>Your in</center>"; exit; } else {echo "<center>Wrong Username or Password</center>";} echo "<center>$count Party pooper</center>"; $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $user = stripslashes($user); $pass = stripslashes($pass); ?> oh before i forget it doesn't read that there are rows matching for a succefull login, it just gives me 0 because i echo is out to see if any rows are there to match. Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted September 17, 2008 Share Posted September 17, 2008 You're using $host as your host, not the value in $host, remove the single quotes around it if you really want it. you didn't set $userme or $passme, also you will want a space between $table_1 and WHERE. (edit: nvm you added the space) Also, you are doing a pointless stripslashes and mysql_real_escape_string() at the bottom. And it's You're in, not Your (this one is for me) Quote Link to comment Share on other sites More sharing options...
btherl Posted September 17, 2008 Share Posted September 17, 2008 Try adding this to your code: echo "Query: $sql<br>"; A lot of problems can be solved by looking at the query your code is generating. Quote Link to comment Share on other sites More sharing options...
taichimasta Posted September 17, 2008 Author Share Posted September 17, 2008 why is it pointless genericnumber1? i need stripslashes and mysql_real_escape_string to prevent injections. and thanks btherl i'm going to do that right now. plus the connection to the database is fine i just put filler varables there so i wouldn't accidently put the real string in to show in this forum. and yes forgive my grammer that will be fixed its less of a worry right now , my main concern is the backend/php. Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted September 17, 2008 Share Posted September 17, 2008 why is it pointless genericnumber1? i need stripslashes and mysql_real_escape_string to prevent injections. and thanks btherl i'm going to do that right now. plus the connection to the database is fine i just put filler varables there so i wouldn't accidently put the real string in to show in this forum. and yes forgive my grammer that will be fixed its less of a worry right now , my main concern is the backend/php. They're pointless because they're below everything and you don't use the variables inside of them in the query. Also, calling stripslashes possibly will undo what escape_string does (if your mysql_real_escape_string() uses \ to escape quotes) john's kitchen becomes john\'s kitchen and then, the next line you change it back to john's kitchen As I said, pointless. Quote Link to comment Share on other sites More sharing options...
taichimasta Posted September 17, 2008 Author Share Posted September 17, 2008 oh your right, ! fixing that now Quote Link to comment Share on other sites More sharing options...
taichimasta Posted September 17, 2008 Author Share Posted September 17, 2008 still can't login , and i checked the query/$sql it just gives me the what i wrote $sql = "SELECT * FROM users WHERE user_name='$user' AND user_pass='$pass'"; ***********************************************OUTPUT********************** SELECT * FROM users WHERE user_name='' AND user_pass='' and mysql_num_rows still gives me 0 which it shouldn't. Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted September 17, 2008 Share Posted September 17, 2008 $user and $pass don't seem to be set, if you're getting them from the form use $user = $_POST['user'] or whatever method you use to get the username Quote Link to comment Share on other sites More sharing options...
taichimasta Posted September 17, 2008 Author Share Posted September 17, 2008 $user = $_POST['username']; $pass = $_POST['userpass']; there set ^ its right before Quote Link to comment Share on other sites More sharing options...
taichimasta Posted September 17, 2008 Author Share Posted September 17, 2008 holy crap that was it , i feel like an idiot thanks you and so fast. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.